dockercfg-config: Detect .dockercfg

Date: 2025-08-01 | Affected software: docker.cfg | PoC: public

Vulnerability description

Detects a .dockercfg or .docker/config.json file served over HTTP. These files hold Docker registry authentication data.

PoC code [public]

id: dockercfg-config

info:
  name: Detect .dockercfg
  author: geeknik
  severity: high
  description: Docker registry authentication data
  metadata:
    max-request: 2
  tags: docker,exposure,config,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/.dockercfg"
      - "{{BaseURL}}/.docker/config.json"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '"email":'
          - '"auth":'
        condition: and

      - type: word
        part: header
        words:
          - "text/plain"

      - type: status
        status:
          - 200
# digest: 4a0a0047304502202d88d2fba39b1502b5ce7dfd3eff7ecc0f4d4276932fed23e188b9db063e936f022100a89f3f600c321f39f6dc381f4ba92baafbdc60faa9e00024595de3766b51c28b:922c64590222798bb761d5b6d8e72950
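
The template probes from the outside; the same exposure can be checked from the inside on a host you operate. The Python below is an added example, not part of the template or the original page: it walks a web root for the two file names the template requests (going beyond the template by also checking subdirectories) and reports which registries carry an inline "auth" value, without returning the value itself. The sample tree, registry name and credential are constructed.

```python
import json
import os
import tempfile

# The two paths the template requests, relative to a served directory.
CANDIDATES = (".dockercfg", os.path.join(".docker", "config.json"))

def registries_with_inline_auth(doc):
    """Return registry names whose entry carries a non-empty "auth" value."""
    # Legacy .dockercfg maps registry -> entry at the top level;
    # .docker/config.json nests the same map under "auths".
    entries = doc.get("auths", doc) if isinstance(doc, dict) else {}
    if not isinstance(entries, dict):
        return []
    return sorted(name for name, entry in entries.items()
                  if isinstance(entry, dict) and entry.get("auth"))

def audit_webroot(root):
    """List Docker client config files under root; secrets are never returned."""
    findings = []
    for dirpath, _dirs, _files in os.walk(root):
        for rel in CANDIDATES:
            path = os.path.join(dirpath, rel)
            if not os.path.isfile(path):
                continue
            try:
                with open(path, encoding="utf-8") as fh:
                    doc = json.load(fh)
            except (OSError, ValueError):
                doc = {}  # unreadable or not JSON: still report the file
            findings.append({"path": os.path.relpath(path, root),
                             "registries": registries_with_inline_auth(doc)})
    return sorted(findings, key=lambda f: f["path"])

def demo():
    """Constructed sample tree (hypothetical registry name and credential)."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "app", ".docker"))
        with open(os.path.join(root, ".dockercfg"), "w") as fh:
            json.dump({"registry.example.test": {
                "auth": "Y29uc3RydWN0ZWQ6dmFsdWU=", "email": "ops@example.test"}}, fh)
        with open(os.path.join(root, "app", ".docker", "config.json"), "w") as fh:
            json.dump({"auths": {"registry.example.test": {}},
                       "credsStore": "desktop"}, fh)
        return audit_webroot(root)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

A file listed with an empty "registries" value is still being served from the web root; it only means no inline credential was found in it.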